WRT3200ACM alternative with WPA3

Hey there!
I'm currently looking for a good router for my home network to put behind the modem of my ISP.
I live in central europe, with a 250/50 internet connection.
I want to flash my new router right away with OpenWRT. I was thinking about a Linksys WRT3200AC, but unfortunately it looks like it won't support WPA3. As this is a new buy, I want it to be "future proof" (without the need for 802.11ax).
So here's my question: What's the best "future-proof" alternative to a WRT3200AC for my home network with the following requirements:

  • WPA3
  • 802.11ac
  • Guest network
  • Wireguard VPN
  • ~10 devices (home network)
  • up to ~200 €
  • PoE (nice to have)

Thanks for any recommendations!

My favorite is:
https://openwrt.org/toh/avm/avm_fritz_box_4040

Those requirements should be met (and exceeded) quite well by ipq8065, such as the Netgear Nighthawk x4s/ r7800 or ZyXEL Armor Z2/ NBG6817. As juppin mentioned, ipq40xx could also be a cheaper option.

ipq8065 is close to the limit for these speeds even without SQM. Although, it is not quite clear what future proof means here. Either way, in my experience this router is limited to ~300..400 Mbps without SQM in real life scenarios (not a lab testing of wired-to-wired without NAT, routing, wifi, etc).

I doubt this statement...
Ath79/ar71xx is close to the limit (without flow offloading) for a 250/50 Mbit link.

Well, I am running an R7800 on a 300/300Mbps connection with PPPoE and it is running both cores are over 90% (after some tweaking) without SQM when either downloading or uploading at full speed over wifi (AC with 80MHz channel width). SQM (fq_codel) brings it down to 200..210 Mbps range.

Again, I am not talking about lab experiments with disabled wifi, NAT, etc: I can get it to 800..900 Mbps over wired in that case, but this test is useless.

With "future-proof" I mean that the hardware should be well supported at the moment and there should be some "buffer" concerning the processor / storage for future upgrades and new features. But I understand that this is a vague requirement, so we can also ignore that.

Thanks for the tips already!
The ZyXEL Armor Z2 looks like a nice tip I haven't even considered yet. But the uplink speed should be met in "non-lab experiments", what would be the next better option after the IPQ8065?
The Fritzbox seems to be a nice and open device, but it's looks is just really bad (sorry for not mentioning that before, the router will be placed quite prominently in the living room)...

Just to make sure: it is the same as R7800 as CPU/WIFI goes.

1 Like

I got that. I just mentioned it as I haven't considered it at all before it was mentioned here.
What would be the "next better option" after the IPQ8065 (if it's possible to determine)?

WRT3200ACM as a border router (great CPU) + R7800/Armor Z2 as a WIFI AP :slight_smile:

You forgot about the money. I'd say that what the OP is looking for does not exist.

At this point, my recommendation is to forget about future-proofing and just buy whatever cheap crap that satisfies other requirements. Without PoE and without SQM, even a TP-Link Archer C7 v2 would work.

Right, I missed the budget. Either way, I think that at that speed SQM is needed.

Within the budgetary constraints, I still think that ipq8065 (as in r7800 or nbg6817) will do the job nicely, as it combines good/ fast wireless (which would be the Achilles heel of the wrt3200acm) with sufficient performance for the stated requirements (and should cover moderate WAN speed bumping in the future, especially as SQM was not part of the stated requirements). OpenWrt for ipq806x is good and the system specifications allow ongoing support for quite a while - and you can find them for around 120-130 EUR, if you're lucky (e.g. warehouse deals).

What's so special about WPA3?

That it fixes lots of problems of WPA2, like its missing forward secrecy during the handshake (which allows offline dictionary attacks).
I think I'll go with the NBG6817. Thanks for all the responses!

That's a very minor issue. The big question is which device mandates WPA3?

You need to start somewhere...
Obviously WPA3 won't be possible for quite a while, as (client-) device coverage simply isn't there, but especially ("invisible") networking devices (and I would count routers as that as well) tend to stick around for quite a while. Without a (personal) policy to avoid buying new devices without support for upcoming standards, you only cement the position that WPA3 isn't an option for all eternity, even beyond the point where WPA3 becomes a necessity.

--
WPA3 support in (OpenWrt capable) devices usually doesn't fail because of WPA3/ SAE itself, but because of hard- or firmware lacking proper support for IEEE 802.11w (which is a mandatory feature for WPA3 and has been around for a decade by now - and which has been in focus of DEAUTH attacks for at least half a decade, so a feature you want to have (more than WPA3 itself). If you don't start looking into compatibility for these features now, you're artificially limiting the lifetime of your devices into the future (especially as it's questionable if you'll get to see any future update for 88W8964 at all). Aside from WPA3/ IEEE 802.11w itself, the known unfixed interoperability issues with increasingly common smarthome/ IoT appliances (esp8266/ esp32) render the wireless capabilities of these mwlwifi devices into a hard sell.

Many WPA3 clients exist today. All of the Pixels and other Android 10 devices. All iPhones. Linux (NetworkManager + latest wpa_supplicant). Windows 10 (1903 builds or higher).

Software support doesn't necessarily mean that hardware magically will support it.

It requires only software support, so if the support supports it it will "magically" work. Only reason why the WRT3200ACM devices do not support it is again simply software based. The parts of the driver that are closed source are required to support it, but they don't.